Amazon CloudWatch Logs and Metrics destination plugin
The Amazon CloudWatch Logs and Metrics destination plugin lets you configure Chronosphere Telemetry Pipeline to stream your log data and metrics to CloudWatch Logs and Metrics, respectively.
Configuration parameters
The Amazon CloudWatch Logs and Metrics destination plugin provides these configuration parameters. Items in the Name column display in the Telemetry Pipeline web interface. Items in the Key column are the YAML keys to use in pipeline configuration files.
Required
| Name | Key | Description | Default |
|---|---|---|---|
| Region | region | Required. The AWS region to send your logs or metrics to. | us-east-1 |
| CloudWatch Log Group Name | log_group_name | CloudWatch Log Group Name. | none |
| CloudWatch Log Stream Name | log_stream_name | CloudWatch Log Stream Name. Not compatible with Log Stream Prefix. | none |
AWS Authentication
| Name | Key | Description | Default |
|---|---|---|---|
| IAM Role ARN | role_arn | ARN of an IAM role to assume. For example, for cross account access. | none |
| CloudWatch Logs and Metrics API Endpoint | endpoint | Custom Endpoint for the Firehose API. | none |
| STS API Endpoint | sts_endpoint | Custom Endpoint for the STS API. | none |
| External ID for STS API | external_id | Specify an external ID for the STS API. Can be used with the role_arn parameter if your role requires an external ID. | none |
Advanced
| Name | Key | Description | Default |
|---|---|---|---|
| CloudWatch Log Stream Name Prefix | log_stream_prefix | Prefix for CloudWatch Log Stream Name. Tag is appended to the prefix to form the stream name. | none |
| CloudWatch Log Group Template | log_group_template | Template for CloudWatch Log Group name using record accessor syntax. If needed, the plugin falls back to the log_group_name value. | none |
| CloudWatch Log Stream Template | log_stream_template | Template for CloudWatch Log Stream name using record accessor syntax. If needed, the plugin falls back to the log_stream_name or log_stream_prefix value. | none |
| Number of days to retain logs | log_retention_days | Any newly created log group's retention policy is set to this many days. Accepted values: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653. | 0 |
| Log Format | log_format | Optional. Used to tell CloudWatch the format of the data. A value of json/emf enables CloudWatch to extract custom metrics embedded in a JSON payload. | none |
| Log Key | log_key | By default, the entire log record is sent to CloudWatch. If you specify a key name with this option, only the value of that key is sent to CloudWatch. For example, if you're using the Fluentd Docker log driver, you can specify log_key log, and only the log message is sent to CloudWatch. | none |
| Enable Auto Retry Requests | enable_retry_requests | Immediately retry failed requests to AWS services one time. This option doesn't affect the normal Fluent Bit retry mechanism with backoff. Instead, it enables an immediate retry with no delay for networking errors, which can help improve throughput when there are transient or random networking issues. | false |
| Enable Auto Create Log Group | auto_create_group | Automatically create the log group. Log streams are always automatically created. | false |
| Metric namespace for CloudWatch EMF logs | metric_namespace | Metric namespace for CloudWatch EMF logs. | none |
| Metric Dimension List | metric_dimensions | Metric dimensions is a list of lists. If you have only one list of dimensions, put the values as a comma-separated string. If you want to put list of lists, use the list as semicolon-separated strings. If your value is d1,d2;d3, the plugin considers it as [d1, d2], [d3]. | none |
Security and TLS
| Name | Key | Description | Default |
|---|---|---|---|
| TLS | tls | Enable or disable TLS/SSL support. Accepted values: true, false. | false |
| TLS Certificate Validation | tls.verify | Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled. | on |
| TLS Debug Level | tls.debug | Set TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose). | 1 |
| CA Certificate File Path | tls.ca_file | Absolute path to CA certificate file. | none |
| Certificate File Path | tls.crt_file | Absolute path to certificate file. | none |
| Private Key File Path | tls.key_file | Absolute path to private key file. | none |
| Private Key Path Password | tls.key_passwd | Optional password for tls.key_file file. | none |
| TLS SNI Hostname Extension | tls.vhost | Hostname to be used for TLS SNI extension. | none |
Advanced Networking
| Name | Key | Description | Default |
|---|---|---|---|
| DNS Mode | net.dns.mode | Select the primary DNS connection type, which can be TCP or UDP. | none |
| DNS Resolver | net.dns.resolver | Select the primary DNS connection type, which can be LEGACY or ASYNC. | none |
| Prefer IPv4 | net.dns.prefer_ipv4 | Prioritize IPv4 DNS results when trying to establish a connection. Accepted values: true, false. | false |
| Keepalive | net.keepalive | Enable or disable Keepalive support. Accepted values: true, false. | true |
| Keepalive Idle Timeout | net.keepalive_idle_timeout | Set maximum time allowed for an idle Keepalive connection. | 30s |
| Max Connect Timeout | net.connect_timeout | Set maximum time allowed to establish a connection, which includes the TLS handshake. | 10s |
| Max Connect Timeout Log Error | net.connect_timeout_log_error | On connection timeout, specify if it should log an error. When disabled, the timeout is logged as a debug message. Accepted values: true, false. | true |
| Max Keepalive Recycle | net.keepalive_max_recycle | Set maximum number of times a keepalive connection can be used before it's retired. | 2000 |
| Source Address | net.source_address | Specify network address to bind for data traffic. | none |